Fix bug where multiline data:image URI's in emails were stripped from the message on display (#8613)

CHANGELOG.md

@@ -21,6 +21,7 @@
 - Fix bug where setting 'Clear Trash on Logout' to 'all messages' didn't work (#8687)
 - Fix bug where the attachment menu wouldn't disappear after an action is selected (#8691)
 - Fix bug where some dialogs in an eml attachment preview would not close on mobile (#8627)
+- Fix bug where multiline data:image URI's in emails were stripped from the message on display (#8613)
 
 ## Release 1.6.0
 

program/lib/Roundcube/rcube_washtml.php

@@ -427,7 +427,7 @@ class rcube_washtml
                 return $this->config['blocked_src'];
             }
         }
-        else if ($is_image && preg_match('/^data:image\/([^,]+),(.+)$/i', $uri, $matches)) { // RFC2397
+        else if ($is_image && preg_match('/^data:image\/([^,]+),(.+)$/is', $uri, $matches)) { // RFC2397
             // svg images can be insecure, we'll sanitize them
             if (stripos($matches[1], 'svg') !== false) {
                 $svg = $matches[2];

tests/Framework/Washtml.php

@@ -49,6 +49,19 @@ class Framework_Washtml extends PHPUnit\Framework\TestCase
         $this->assertMatchesRegularExpression('|href="http://domain\.com"|', $washed, "Link href with no protocol (#7454)");
     }
 
+    /**
+     * Test data:image with newlines (#8613)
+     */
+    function test_data_image_with_newline()
+    {
+        $html = "<p><img src=\"data:image/png;base64,12345\n\t67890\" /></p>";
+
+        $washer = new rcube_washtml;
+        $washed = $washer->wash($html);
+
+        $this->assertSame("<p><img src=\"data:image/png;base64,12345\n\t67890\" /></p>", $this->cleanupResult($washed));
+    }
+
     /**
      * Test XSS in area's href (#5240)
      */